commit a8403218830f0f8c766586fa459b0fb9ad388709
parent 86f35c132bdd2ea196f2245f031c55bdeefb8bee
Author: Zack Newman <zack@philomathiclife.com>
Date: Mon, 23 Jun 2025 13:53:39 -0600
more lints
Diffstat:
10 files changed, 124 insertions(+), 66 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,21 +9,48 @@ license = "MIT OR Apache-2.0"
name = "rpz"
readme = "README.md"
repository = "https://git.philomathiclife.com/repos/rpz/"
-version = "1.3.0"
+version = "1.4.0"
[lints.rust]
-unknown_lints = { level = "deny", priority = -1 }
+ambiguous_negative_literals = { level = "deny", priority = -1 }
+closure_returning_async_block = { level = "deny", priority = -1 }
+deref_into_dyn_supertrait = { level = "deny", priority = -1 }
+ffi_unwind_calls = { level = "deny", priority = -1 }
future_incompatible = { level = "deny", priority = -1 }
+impl_trait_redundant_captures = { level = "deny", priority = -1 }
+keyword-idents = { level = "deny", priority = -1 }
let_underscore = { level = "deny", priority = -1 }
+linker_messages = { level = "deny", priority = -1 }
+macro_use_extern_crate = { level = "deny", priority = -1 }
+meta_variable_misuse = { level = "deny", priority = -1 }
+missing_copy_implementations = { level = "deny", priority = -1 }
+missing_debug_implementations = { level = "deny", priority = -1 }
missing_docs = { level = "deny", priority = -1 }
+non_ascii_idents = { level = "deny", priority = -1 }
nonstandard_style = { level = "deny", priority = -1 }
+redundant_imports = { level = "deny", priority = -1 }
+redundant_lifetimes = { level = "deny", priority = -1 }
refining_impl_trait = { level = "deny", priority = -1 }
rust_2018_compatibility = { level = "deny", priority = -1 }
rust_2018_idioms = { level = "deny", priority = -1 }
rust_2021_compatibility = { level = "deny", priority = -1 }
rust_2024_compatibility = { level = "deny", priority = -1 }
+single_use_lifetimes = { level = "deny", priority = -1 }
+trivial_casts = { level = "deny", priority = -1 }
+trivial_numeric_casts = { level = "deny", priority = -1 }
+unit_bindings = { level = "deny", priority = -1 }
+unknown_lints = { level = "deny", priority = -1 }
+unnameable_types = { level = "deny", priority = -1 }
+unreachable_pub = { level = "deny", priority = -1 }
unsafe_code = { level = "deny", priority = -1 }
+unstable_features = { level = "deny", priority = -1 }
unused = { level = "deny", priority = -1 }
+unused_crate_dependencies = { level = "deny", priority = -1 }
+unused_import_braces = { level = "deny", priority = -1 }
+unused_lifetimes = { level = "deny", priority = -1 }
+unused_qualifications = { level = "deny", priority = -1 }
+unused_results = { level = "deny", priority = -1 }
+variant_size_differences = { level = "deny", priority = -1 }
warnings = { level = "deny", priority = -1 }
[lints.clippy]
@@ -45,9 +72,9 @@ exhaustive_structs = "allow"
implicit_return = "allow"
min_ident_chars = "allow"
missing_trait_methods = "allow"
-multiple_crate_versions = "allow"
-pub_use = "allow"
+pub_with_shorthand = "allow"
question_mark_used = "allow"
+redundant_pub_crate = "allow"
ref_patterns = "allow"
return_and_then = "allow"
single_call_fn = "allow"
@@ -55,16 +82,16 @@ single_char_lifetime_names = "allow"
unseparated_literal_suffix = "allow"
[dependencies]
-ascii_domain = { version = "0.6.4", default-features = false }
+ascii_domain = { version = "0.6.5", default-features = false }
num-bigint = { version = "0.4.6", default-features = false }
-priv_sep = { version = "3.0.0-alpha.1", default-features = false, optional = true }
-reqwest = { version = "0.12.15", default-features = false, features = ["brotli", "deflate", "gzip", "rustls-tls-native-roots", "trust-dns"] }
+priv_sep = { version = "3.0.0-alpha.1.1", default-features = false, optional = true }
+reqwest = { version = "0.12.20", default-features = false, features = ["brotli", "deflate", "gzip", "rustls-tls-native-roots", "trust-dns"] }
serde = { version = "1.0.219", default-features = false }
-superset_map = { version = "0.3.1", default-features = false }
-tokio = { version = "1.45.0", default-features = false, features = ["rt", "time"] }
-toml = { version = "0.8.22", default-features = false, features = ["parse"] }
+superset_map = { version = "0.3.3", default-features = false }
+tokio = { version = "1.45.1", default-features = false, features = ["rt", "time"] }
+toml = { version = "0.8.23", default-features = false, features = ["parse"] }
url = { version = "2.5.4", default-features = false, features = ["serde"] }
-zfc = { version = "0.4.1", default-features = false }
+zfc = { version = "0.4.3", default-features = false }
### FEATURES #################################################################
diff --git a/src/app.rs b/src/app.rs
@@ -11,7 +11,7 @@ use std::{
};
use superset_map::SupersetSet;
/// Helper that returns the `Kind` of a file.
-pub trait Helper {
+pub(crate) trait Helper {
/// Returns the `Kind` of file.
fn kind() -> Kind;
}
@@ -37,7 +37,7 @@ impl Helper for Wildcard<'_> {
}
/// Container of `Domain`s to block and unblock.
#[derive(Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
-pub struct Domains<'unblock, 'block> {
+pub(crate) struct Domains<'unblock, 'block> {
/// `RpzDomain`s to not block.
unblock: SupersetSet<RpzDomain<'unblock>>,
/// `RpzDomain`s to block.
@@ -45,11 +45,11 @@ pub struct Domains<'unblock, 'block> {
}
impl<'unblock, 'block> Domains<'unblock, 'block> {
/// Returns a reference to the `RpzDomain`s to block.
- pub const fn block(&self) -> &SupersetSet<RpzDomain<'block>> {
+ pub(crate) const fn block(&self) -> &SupersetSet<RpzDomain<'block>> {
&self.block
}
/// Returns an empty `Domains`.
- pub const fn new() -> Self {
+ pub(crate) const fn new() -> Self {
Self {
unblock: SupersetSet::new(),
block: SupersetSet::new(),
@@ -57,7 +57,7 @@ impl<'unblock, 'block> Domains<'unblock, 'block> {
}
/// Returns `Domains` based on `LocalFiles` along
/// with a `Vec` of `Summary`.
- pub fn new_with<'c: 'unblock + 'block>(
+ pub(crate) fn new_with<'c: 'unblock + 'block>(
local: &'c LocalFiles,
) -> (Self, Vec<Summary<'c, FirefoxDomainErr>>) {
let mut val = Self {
@@ -96,7 +96,7 @@ impl<'unblock, 'block> Domains<'unblock, 'block> {
summary.domain_count = summary.domain_count.saturating_add(1);
let domain = dom.into();
if !self.unblock.contains_superset(&domain) {
- self.block.insert(domain);
+ _ = self.block.insert(domain);
}
}
Value::Comment(_) => {
@@ -118,7 +118,7 @@ impl<'unblock, 'block> Domains<'unblock, 'block> {
/// a superset of it.
///
/// All parsing errors are ignored.
- pub fn add_block_files<'c: 'block>(
+ pub(crate) fn add_block_files<'c: 'block>(
&mut self,
files: &'c Files,
summaries: &mut Vec<Summary<'c, FirefoxDomainErr>>,
@@ -129,12 +129,11 @@ impl<'unblock, 'block> Domains<'unblock, 'block> {
///
/// All parsing errors are ignored.
fn add_files<
- 'unblock,
'block,
'c: 'block,
T: Into<RpzDomain<'block>> + ParsedDomain<'block, Error = FirefoxDomainErr> + Helper,
>(
- doms: &mut Domains<'unblock, 'block>,
+ doms: &mut Domains<'_, 'block>,
files: &'c [File],
summaries: &mut Vec<Summary<'c, FirefoxDomainErr>>,
) {
@@ -181,7 +180,7 @@ impl<'unblock, 'block> Domains<'unblock, 'block> {
/// # Errors
///
/// Returns `Error` iff `writeln` or `fs::rename` do.
- pub fn write(
+ pub(crate) fn write(
self,
path: Option<(AbsFilePath<false>, AbsFilePath<false>)>,
) -> Result<(usize, usize), Error> {
diff --git a/src/args.rs b/src/args.rs
@@ -6,7 +6,7 @@ use rpz::file::AbsFilePath;
use std::env::{self, Args};
/// Error returned when parsing arguments passed to the application.
#[derive(Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
-pub enum ArgsErr {
+pub(crate) enum ArgsErr {
/// Error when no arguments were passed to the application.
NoArgs,
/// Error when `-f`/`--file` is not passed or is passed
@@ -41,7 +41,7 @@ impl Display for ArgsErr {
impl Error for ArgsErr {}
/// The location of the configuration file.
#[derive(Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
-pub enum ConfigPath {
+pub(crate) enum ConfigPath {
/// The config file is to be read from `stdin`.
Stdin,
/// The config file resides on the local file system.
@@ -49,7 +49,7 @@ pub enum ConfigPath {
}
/// The options passed to the application.
#[derive(Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord)]
-pub enum Opts {
+pub(crate) enum Opts {
/// Variant when no arguments were passed.
None,
/// Variant when the help argument was passed.
@@ -72,7 +72,7 @@ pub enum Opts {
impl Opts {
/// Returns `Opts` based on arguments passed to the application.
#[expect(clippy::too_many_lines, reason = "this is fine")]
- pub fn from_args() -> Result<Self, ArgsErr> {
+ pub(crate) fn from_args() -> Result<Self, ArgsErr> {
/// Attempts to parse the next `Arg` into `-` or an absolute
/// path to a file.
fn get_path(args: &mut Args) -> Result<ConfigPath, ArgsErr> {
diff --git a/src/config.rs b/src/config.rs
@@ -9,7 +9,7 @@ use serde::de::{Deserialize, Deserializer, Error, MapAccess, SeqAccess, Unexpect
use std::collections::HashSet;
/// The TOML config file.
#[derive(Debug)]
-pub struct Config {
+pub(crate) struct Config {
/// The maximum amount of time allowed for an HTTP(S) file to be downloaded.
pub timeout: Option<Duration>,
/// The absolute file path for the [response policy zone (RPZ)](https://en.wikipedia.org/wiki/Response_policy_zone) file.
diff --git a/src/dom.rs b/src/dom.rs
@@ -57,6 +57,7 @@ impl error::Error for FirefoxDomainErr {}
const CHARS: &AllowedAscii<[u8; 78]> = &ASCII_FIREFOX;
/// Parses a `[u8]` into a `Domain` using `CHARS` with the added restriction that the `Domain` has a TLD
/// that is either all letters or has length of at least five and begins with `b"xn--"`.
+#[expect(single_use_lifetimes, reason = "false positive")]
#[expect(clippy::indexing_slicing, reason = "we verify manually")]
fn domain_icann_tld<'a: 'b, 'b>(val: &'a [u8]) -> Result<Domain<&'b str>, FirefoxDomainErr> {
Domain::try_from_bytes(val, CHARS)
@@ -234,6 +235,7 @@ pub trait ParsedDomain<'a>: Sized {
/// # Errors
///
/// Errors iff `val` is unable to be parsed into a `Value`.
+ #[expect(single_use_lifetimes, reason = "false positive")]
fn parse_value<'b: 'a>(val: &'b str) -> Result<Value<'a, Self>, Self::Error>;
/// Reference to the contained `Domain`.
fn domain(&self) -> &Domain<&'a str>;
@@ -635,6 +637,7 @@ impl<'a> Deref for Adblock<'a> {
}
impl<'a> ParsedDomain<'a> for Adblock<'a> {
type Error = FirefoxDomainErr;
+ #[expect(single_use_lifetimes, reason = "false positive")]
#[expect(
unsafe_code,
clippy::indexing_slicing,
@@ -927,6 +930,7 @@ impl<'a> Deref for DomainOnly<'a> {
}
impl<'a> ParsedDomain<'a> for DomainOnly<'a> {
type Error = FirefoxDomainErr;
+ #[expect(single_use_lifetimes, reason = "false positive")]
#[expect(
unsafe_code,
clippy::arithmetic_side_effects,
@@ -1155,6 +1159,7 @@ impl<'a> Deref for Hosts<'a> {
}
impl<'a> ParsedDomain<'a> for Hosts<'a> {
type Error = FirefoxDomainErr;
+ #[expect(single_use_lifetimes, reason = "false positive")]
#[expect(
unsafe_code,
clippy::arithmetic_side_effects,
@@ -1500,6 +1505,7 @@ impl<'a> Deref for Wildcard<'a> {
}
impl<'a> ParsedDomain<'a> for Wildcard<'a> {
type Error = FirefoxDomainErr;
+ #[expect(single_use_lifetimes, reason = "false positive")]
#[expect(
unsafe_code,
clippy::arithmetic_side_effects,
@@ -1847,6 +1853,7 @@ impl<'a: 'b, 'b> From<Wildcard<'a>> for RpzDomain<'b> {
}
impl<'a> ParsedDomain<'a> for RpzDomain<'a> {
type Error = FirefoxDomainErr;
+ #[expect(single_use_lifetimes, reason = "false positive")]
#[inline]
fn parse_value<'b: 'a>(val: &'b str) -> Result<Value<'a, Self>, Self::Error> {
DomainOnly::parse_value(val).map_or_else(
@@ -2288,7 +2295,7 @@ mod tests {
#[test]
fn test_superset_set() {
let mut iter = "*.NeT,*.net,www.bar.com,*.net,*.www.bar.com,||www.bar.com,*.bar.com,||bar.com,example.com,www.example.com,*.www.example.com,||www.example.com,*.example.com,||example.com,foo.com,www.foo.com,*.foo.com,*.com,example.net,*.abc.abc,||aawww.abc,abc.abc".split(|b| b == ',').fold(SupersetSet::new(), |mut doms, slice| {
- doms.insert(if slice.as_bytes()[0] == b'|' {
+ _ = doms.insert(if slice.as_bytes()[0] == b'|' {
RpzDomain::Adblock(Adblock::parse_value(slice).expect("Bug in Adblock::parse_value").unwrap_domain())
} else {
RpzDomain::Wildcard(Wildcard::parse_value(slice).expect("Bug in Wildcard::parse_value").unwrap_domain())
diff --git a/src/dom_count_auto_gen.rs b/src/dom_count_auto_gen.rs
@@ -10,7 +10,7 @@ use num_bigint::BigUint;
clippy::unreadable_literal,
reason = "autogenerated code and need it all"
)]
-pub fn proper_subdomain_count(dom: &Domain<&str>) -> BigUint {
+pub(crate) fn proper_subdomain_count(dom: &Domain<&str>) -> BigUint {
// The commented out code at the end of the function was used to calculate the cardinalities
// for each possible value of domain length; however it takes as much as 16 seconds to calculate
// for a given value of n, so we cache the results
diff --git a/src/file.rs b/src/file.rs
@@ -594,7 +594,7 @@ impl Files {
Ok(val) => match val {
Value::Domain(dom) => {
summary.domain_count = summary.domain_count.saturating_add(1);
- doms.insert(dom.into());
+ _ = doms.insert(dom.into());
}
Value::Comment(_) => {
summary.comment_count = summary.comment_count.saturating_add(1);
@@ -694,7 +694,7 @@ impl LocalFiles {
}
}
}
- dir.pop();
+ _ = dir.pop();
Ok(dir)
}
dir.push(name);
@@ -704,11 +704,11 @@ impl LocalFiles {
.and_then(|dir2| get_file(&mut files.hosts, dir2, "hosts/"))
.and_then(|dir2| get_file(&mut files.wildcard, dir2, "wildcard/"))
.map(|mut dir2| {
- dir2.pop();
+ _ = dir2.pop();
dir2
})
} else {
- dir.pop();
+ _ = dir.pop();
Ok(dir)
}
}
@@ -845,7 +845,7 @@ impl ExternalFiles {
) {
for url in Into::<HashSet<HttpUrl>>::into(urls) {
let url_clone = url.clone();
- set.spawn(async {
+ drop(set.spawn(async {
let resp = client
.get::<Url>(url_clone.into())
.send()
@@ -862,7 +862,7 @@ impl ExternalFiles {
})
},
)
- });
+ }));
}
}
}
diff --git a/src/lib.rs b/src/lib.rs
@@ -15,6 +15,14 @@
//! The purpose of these types is to make fetching, parsing, and transforming
//! ad-blocking files into a [response policy zone (RPZ)](https://en.wikipedia.org/wiki/Response_policy_zone)
//! file easier.
+#![expect(
+ clippy::multiple_crate_versions,
+ reason = "dependencies haven't updated to newest crates"
+)]
+#![expect(
+ unstable_features,
+ reason = "the only reason we require nightly is for the below features"
+)]
#![feature(btree_cursors)]
#![feature(io_error_more)]
/// Module for hostname-like domains including parsing [`str`]s
@@ -26,3 +34,6 @@ mod dom_count_auto_gen;
/// Module for fetching and parsing local and HTTP(S) files into
/// [`dom::RpzDomain`]s.
pub mod file;
+#[cfg(feature = "priv_sep")]
+use priv_sep as _;
+use toml as _;
diff --git a/src/main.rs b/src/main.rs
@@ -1,6 +1,14 @@
//! # `rpz`
//!
//! Consult [`README.md`](https://crates.io/crates/rpz).
+#![expect(
+ unstable_features,
+ reason = "we already require nightly, so we elect to use never"
+)]
+#![expect(
+ clippy::multiple_crate_versions,
+ reason = "dependencies haven't updated to newest crates"
+)]
#![feature(never_type)]
#![cfg_attr(doc, feature(doc_auto_cfg))]
/// Contains a wrapper of block and unblock `RpzDomain`s
@@ -18,11 +26,15 @@ use crate::{
args::{ArgsErr, ConfigPath, Opts},
config::Config,
};
+#[cfg(all(feature = "priv_sep", not(target_os = "openbsd")))]
+use ::priv_sep as _;
+use ascii_domain as _;
use core::{
error::Error,
fmt::{self, Display, Formatter},
time::Duration,
};
+use num_bigint as _;
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
use priv_sep::NulOrIoErr;
use reqwest::Client;
@@ -38,6 +50,8 @@ use std::{
};
use tokio::runtime::Builder;
use toml::de;
+use url as _;
+use zfc as _;
/// The HTTP(S) client that is used to download all files.
/// It is initialized exactly once in `main` before being used.
static CLIENT: OnceLock<Client> = OnceLock::new();
@@ -138,7 +152,7 @@ fn get_config(conf: ConfigPath) -> Result<Config, E> {
match conf {
ConfigPath::Stdin => {
let mut file = String::new();
- io::stdin().lock().read_to_string(&mut file)?;
+ _ = io::stdin().lock().read_to_string(&mut file)?;
file
}
ConfigPath::Path(path) => {
@@ -302,7 +316,7 @@ fn main() -> Result<(), E> {
priv_sep::unveil_create(file.as_path())
.and_then(|()| {
let mut rpz = file.clone();
- rpz.append("tmp");
+ _ = rpz.append("tmp");
priv_sep::unveil_create_read_write(rpz.as_path()).map(|()| Some(rpz))
})
.map_err(E::from)
@@ -381,15 +395,15 @@ pub(crate) mod test_prog {
use std::fs;
use std::process::Command;
/// The path to the program dir with no block subdirectories.
- pub const PROG_DIR_NO_SUB: &str = "/home/zack/projects/rpz/target/";
+ pub(crate) const PROG_DIR_NO_SUB: &str = "/home/zack/projects/rpz/target/";
/// The path to the program dir with block subdirectories.
- pub const PROG_DIR: &str = "/home/zack/projects/rpz/target/release/";
+ pub(crate) const PROG_DIR: &str = "/home/zack/projects/rpz/target/release/";
/// The path to the program.
const PROG: &str = "/home/zack/projects/rpz/target/release/rpz";
/// Message to append to the appropriate variable above if an issue occurs.
- pub const ERR_MSG: &str = " does not exist, so program testing cannot occur";
+ pub(crate) const ERR_MSG: &str = " does not exist, so program testing cannot occur";
/// Verify the correct directories and files exist.
- pub fn verify_files() {
+ pub(crate) fn verify_files() {
if !fs::metadata(PROG)
.expect(format!("{PROG}{ERR_MSG}").as_str())
.is_file()
@@ -453,7 +467,7 @@ pub(crate) mod test_prog {
}
}
}
- pub fn get_command() -> Command {
+ pub(crate) fn get_command() -> Command {
Command::new(PROG)
}
}
diff --git a/src/priv_sep.rs b/src/priv_sep.rs
@@ -15,12 +15,12 @@ use std::{
/// one to avoid having to disable certain lints.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[derive(Clone, Copy)]
-pub struct Zst;
+pub(crate) struct Zst;
/// Calls `pledge` with only the sys calls necessary for a minimal application
/// to run. Specifically, the `Promise`s `Cpath`, `Dns`, `Inet`, `Rpath`, `Stdio`, `Unveil`, and `Wpath`
/// are passed.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn pledge_init() -> Result<Promises, Error> {
+pub(crate) fn pledge_init() -> Result<Promises, Error> {
let promises = Promises::new([
Promise::Cpath,
Promise::Dns,
@@ -38,7 +38,7 @@ pub fn pledge_init() -> Result<Promises, Error> {
/// No-op that always returns `Ok`.
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub const fn pledge_init() -> Result<Zst, !> {
+pub(crate) const fn pledge_init() -> Result<Zst, !> {
Ok(Zst)
}
/// Removes `Cpath` and `Wpath` `Promise`s.
@@ -46,79 +46,79 @@ pub const fn pledge_init() -> Result<Zst, !> {
/// This should only be called when `stdout` is written to
/// instead of an RPZ file.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn pledge_away_create_write(promises: &mut Promises) -> Result<(), Error> {
+pub(crate) fn pledge_away_create_write(promises: &mut Promises) -> Result<(), Error> {
promises.remove_promises_then_pledge([Promise::Cpath, Promise::Wpath])
}
/// No-op that always returns `Ok`.
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub const fn pledge_away_create_write(_: &mut Zst) -> Result<(), !> {
+pub(crate) const fn pledge_away_create_write(_: &mut Zst) -> Result<(), !> {
Ok(())
}
/// Removes `Promise::Unveil`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn pledge_away_unveil(promises: &mut Promises) -> Result<(), Error> {
+pub(crate) fn pledge_away_unveil(promises: &mut Promises) -> Result<(), Error> {
promises.remove_then_pledge(Promise::Unveil)
}
/// No-op that always returns `Ok`.
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub const fn pledge_away_unveil(_: &mut Zst) -> Result<(), !> {
+pub(crate) const fn pledge_away_unveil(_: &mut Zst) -> Result<(), !> {
Ok(())
}
/// Removes `Promise::Dns` and `Promise::Inet`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn pledge_away_net(promises: &mut Promises) -> Result<(), Error> {
+pub(crate) fn pledge_away_net(promises: &mut Promises) -> Result<(), Error> {
promises.remove_promises_then_pledge([Promise::Dns, Promise::Inet])
}
/// No-op that always returns `Ok`.
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub const fn pledge_away_net(_: &mut Zst) -> Result<(), !> {
+pub(crate) const fn pledge_away_net(_: &mut Zst) -> Result<(), !> {
Ok(())
}
/// Removes all `Promise`s except `Stdio`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn pledge_away_all_but_stdio(promises: &mut Promises) -> Result<(), Error> {
+pub(crate) fn pledge_away_all_but_stdio(promises: &mut Promises) -> Result<(), Error> {
promises.retain_then_pledge([Promise::Stdio])
}
/// No-op that always returns `Ok`.
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub const fn pledge_away_all_but_stdio(_: &mut Zst) -> Result<(), !> {
+pub(crate) const fn pledge_away_all_but_stdio(_: &mut Zst) -> Result<(), !> {
Ok(())
}
/// Calls `unveil`_on `path` with no `Permissions`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_none<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
+pub(crate) fn unveil_none<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
Permissions::NONE.unveil(path)
}
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub fn unveil_none<P: AsRef<Path>>(_: P) -> Result<(), !> {
+pub(crate) fn unveil_none<P: AsRef<Path>>(_: P) -> Result<(), !> {
Ok(())
}
/// Calls `unveil_none` on `/`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn veil_all() -> Result<(), NulOrIoErr> {
+pub(crate) fn veil_all() -> Result<(), NulOrIoErr> {
unveil_none("/")
}
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub const fn veil_all() -> Result<(), !> {
+pub(crate) const fn veil_all() -> Result<(), !> {
Ok(())
}
/// Calls `unveil`_on `path` with `Permissions::CREATE`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_create<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
+pub(crate) fn unveil_create<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
Permissions::CREATE.unveil(path)
}
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub fn unveil_create<P: AsRef<Path>>(_: P) -> Result<(), !> {
+pub(crate) fn unveil_create<P: AsRef<Path>>(_: P) -> Result<(), !> {
Ok(())
}
/// Calls `unveil`_on `path` with `Permissions::READ` and returns
@@ -128,7 +128,7 @@ pub fn unveil_create<P: AsRef<Path>>(_: P) -> Result<(), !> {
reason = "ErrorKind is non_exhaustive"
)]
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, NulOrIoErr> {
+pub(crate) fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, NulOrIoErr> {
Permissions::READ.unveil(path).map_or_else(
|err| match err {
NulOrIoErr::Io(ref err2) => match err2.kind() {
@@ -146,7 +146,7 @@ pub fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, NulOrIoErr> {
reason = "too many branches to write out manually"
)]
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
-pub fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, Error> {
+pub(crate) fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, Error> {
fs::metadata(path).map_or_else(
|err| match err.kind() {
ErrorKind::NotFound => Ok(false),
@@ -157,13 +157,13 @@ pub fn unveil_read_dir<P: AsRef<Path>>(path: P) -> Result<bool, Error> {
}
/// Calls `unveil`_on `path` with `Permissions::READ`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_read_file<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
+pub(crate) fn unveil_read_file<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
Permissions::READ.unveil(path)
}
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub fn unveil_read_file<P: AsRef<Path>>(_: P) -> Result<(), !> {
+pub(crate) fn unveil_read_file<P: AsRef<Path>>(_: P) -> Result<(), !> {
Ok(())
}
/// Calls `unveil` on all files necessary for HTTP(S) with `Permissions::READ`
@@ -172,7 +172,7 @@ pub fn unveil_read_file<P: AsRef<Path>>(_: P) -> Result<(), !> {
/// instead of `/etc/ssl/`.
#[expect(unsafe_code, reason = "safety comment justifies its correctness")]
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_https() -> Result<(), NulOrIoErr> {
+pub(crate) fn unveil_https() -> Result<(), NulOrIoErr> {
/// The path to the root certificate store.
const CERTS: &str = "/etc/ssl/cert.pem";
unveil_read_file(CERTS).map(|()| {
@@ -185,17 +185,17 @@ pub fn unveil_https() -> Result<(), NulOrIoErr> {
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub const fn unveil_https() -> Result<(), !> {
+pub(crate) const fn unveil_https() -> Result<(), !> {
Ok(())
}
/// Calls `unveil`_on `path` with create, read, and write `Permissions`.
#[cfg(all(feature = "priv_sep", target_os = "openbsd"))]
-pub fn unveil_create_read_write<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
+pub(crate) fn unveil_create_read_write<P: AsRef<Path>>(path: P) -> Result<(), NulOrIoErr> {
(!Permissions::EXECUTE).unveil(path)
}
/// No-op that always returns `Ok`.
#[cfg(not(all(feature = "priv_sep", target_os = "openbsd")))]
#[expect(clippy::unnecessary_wraps, reason = "need to align with OpenBSD code")]
-pub fn unveil_create_read_write<P: AsRef<Path>>(_: P) -> Result<(), !> {
+pub(crate) fn unveil_create_read_write<P: AsRef<Path>>(_: P) -> Result<(), !> {
Ok(())
}
